
Is Your Small Business in Compliance?

Every small business owner faces a slew of rules and regulations when they open for business. Many have to do with local business codes and laws regarding employees, safety and building issues or permits. Still more deal with compliance, a word that covers, among other things, regulations connected to PCI (payment card industry), HIPAA (Health Insurance Portability and Accountability Act), and, for companies in the financial sector, all public companies or those looking to go public, Sarbanes-Oxley (SOX).

Below, we've put together a quick primer on these regulations and how they may affect your small business:

PCI - If your small business accepts credit cards or debit cards as payment, you will need to be PCI compliant. This follows the data security standard (PCI DSS) adopted by the world's major payment cards, and it affects the business phone and high-speed Internet connections you choose for your business. It determines your IT security plans since it affects your network's firewalls and log-in parameters, encryption over a wireless network, and your data backup and storage requirements, both on-site and remotely.

HIPAA - If you offer health insurance to your employees, the health plan you sponsor is required to be compliant with regard to any and all health information the health plan acquires about your employees. Compliance with HIPAA privacy and security rules includes having a written set of privacy procedures and a process regarding who should have access to the protected health information and how access to this information will be permitted, an emergency back-up plan to retrieve employee health information in case of damage or loss, secure log-in to the physically secured computer which houses these records, and a network firewall to protect against hackers. And if you're a healthcare provider, HIPAA governs the handling and management of your patient files both in paper and digital forms.

Sarbanes-Oxley - SOX compliance only affects public companies, but the smaller that public small business is, the more costly it is to be in compliance. Thorough audits and internal controls make sure that the left hand of the business knows what the right hand is doing. They ensure that the stock price isn't being manipulated by the company officers, and they put in place a variety of accounting controls. To mitigate the cost of Sarbanes-Oxley compliance, you can automate your internal controls in one central process that makes it easy to audit and monitor. It's a technology solution that, in the end, should result in a more efficient business; your books will become more transparent and streamlined.